
Example 1 with MonitorAuthorization

Use of org.bimserver.webservices.authorization.MonitorAuthorization in project BIMserver by opensourceBIM.

In the class LoginDatabaseAction, method execute.

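/**
 * Checks the supplied username and password and, on success, creates an authorization
 * for the user, registers it and returns its token.
 *
 * <p>On success the authorization type is chosen from the user's type (admin, monitor or
 * regular user), the authorization is set on the service map and stored in the auth cache
 * under the returned hex token. The last-seen date is persisted only when no migration is
 * pending and the server settings enable it.
 *
 * <p>An unknown username and a wrong password both end in the same delayed, generic
 * error, so the response text does not tell the two cases apart.
 *
 * @return the hex token of the newly created authorization
 * @throws UserException if the credentials are rejected, the account has no password hash
 *     yet, the account is deleted, or the account is a system user
 */
@Override
public String execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException, ServerException {
    BimDatabaseAction<User> action = new GetUserByUserNameDatabaseAction(getDatabaseSession(), getAccessMethod(), username);
    User user = action.execute();
    if (user != null) {
        // NOTE(review): this branch runs before the password check and skips the failure
        // delay below, so its distinct message tells an unauthenticated caller that the
        // username exists and has no password set. Consider whether the generic failure
        // path is acceptable for this case.
        if (user.getPasswordHash() == null || user.getPasswordHash().length == 0) {
            throw new UserException("Your email address has not been validated yet");
        }
        if (new Authenticator().validate(password, user.getPasswordHash(), user.getPasswordSalt())) {
            // Account-state messages are only reachable after the password has validated,
            // so they are not shown to callers who do not know the password.
            if (user.getState() == ObjectState.DELETED) {
                throw new UserException("User account has been deleted");
            }
            if (user.getUserType() == UserType.SYSTEM) {
                throw new UserException("System user cannot login");
            }

            // While a database migration is pending the settings cache is not consulted
            // and a fixed 10 minute session timeout is used instead.
            boolean migrationRequired = bimServer.getDatabase().getMigrator().migrationRequired();
            int sessionTimeOutSeconds = 60 * 10;
            if (!migrationRequired) {
                sessionTimeOutSeconds = bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds();
            }

            final Authorization authorization;
            if (user.getUserType() == UserType.ADMIN) {
                authorization = new AdminAuthorization(sessionTimeOutSeconds, TimeUnit.SECONDS);
            } else if (user.getUserType() == UserType.MONITOR) {
                authorization = new MonitorAuthorization(sessionTimeOutSeconds, TimeUnit.SECONDS);
            } else {
                authorization = new UserAuthorization(sessionTimeOutSeconds, TimeUnit.SECONDS);
            }
            authorization.setUoid(user.getOid());
            authorization.setUsername(user.getUsername());

            String asHexToken = authorization.asHexToken(bimServer.getEncryptionKey());
            serviceMap.setAuthorization(authorization);
            bimServer.getAuthCache().store(asHexToken, authorization);

            if (!migrationRequired && bimServer.getServerSettingsCache().getServerSettings().isStoreLastLogin()) {
                user.setLastSeen(new Date());
                getDatabaseSession().store(user);
            }
            return asHexToken;
        }
    }
    try {
        // Failure path only: a fixed delay plus up to one second of random jitter. This slows
        // repeated guessing and blurs the timing difference between an unknown username
        // (no password validation performed) and a wrong password.
        Thread.sleep(DEFAULT_LOGIN_ERROR_TIMEOUT + new java.security.SecureRandom().nextInt(1000));
    } catch (InterruptedException e) {
        // Restore the interrupt flag so the calling thread's owner can still observe the
        // interruption; the login is rejected either way.
        Thread.currentThread().interrupt();
        LOGGER.error("Interrupted during login failure delay", e);
    }
    throw new UserException("Invalid username/password combination");
}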
Also used : User(org.bimserver.models.store.User) UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) MonitorAuthorization(org.bimserver.webservices.authorization.MonitorAuthorization) Date(java.util.Date) UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization) Authorization(org.bimserver.webservices.authorization.Authorization) MonitorAuthorization(org.bimserver.webservices.authorization.MonitorAuthorization) UserException(org.bimserver.shared.exceptions.UserException) Authenticator(org.bimserver.Authenticator) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization)

Aggregations

Date (java.util.Date)1 Authenticator (org.bimserver.Authenticator)1 User (org.bimserver.models.store.User)1 UserException (org.bimserver.shared.exceptions.UserException)1 AdminAuthorization (org.bimserver.webservices.authorization.AdminAuthorization)1 Authorization (org.bimserver.webservices.authorization.Authorization)1 MonitorAuthorization (org.bimserver.webservices.authorization.MonitorAuthorization)1 UserAuthorization (org.bimserver.webservices.authorization.UserAuthorization)1